package org.zjt.auth.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.zjt.auth.security.AuthenticationTokenFilter;
import org.zjt.auth.security.EncryptPW;

@Configuration  
@EnableWebSecurity  
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {  
  
    @Autowired  
    private UserDetailsService userDetailsService;  
    @Autowired  
    private RestAuthenticationFailureHandler authenticationFailureHandler;  
    @Autowired  
    private RestAuthenticationSuccessHandler successHandler;


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public AuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        AuthenticationTokenFilter authenticationTokenFilter = new AuthenticationTokenFilter();
        authenticationTokenFilter.setAuthenticationManager(authenticationManagerBean());
        return authenticationTokenFilter;
    }
  
    @Override  
    protected void configure(HttpSecurity http) throws Exception {  
  
        http.csrf().disable();// csrf:Cross-site request forgery跨站请求伪造  
          
        http.authorizeRequests()

                //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()

                // allow anonymous resource requests
         .antMatchers(
                 HttpMethod.GET,
                 "/",
                 "/*.html",
                 "/favicon.ico",
                 "/**/*.css",
                 "/**/*.js"
         ).permitAll().antMatchers("/auth/**").permitAll()
        .anyRequest().authenticated()
        .antMatchers("/user/**").hasAnyAuthority("USER");

        // Custom JWT based authentication
        http
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);



       /*.and
        .formLogin() // 登陆表单  
                .failureHandler(authenticationFailureHandler) // failure handler  
                .successHandler(successHandler) // success handler  
                .loginProcessingUrl("/login")// default is /login with an HTTP  
                .permitAll(); // premit all authority  
        */
//        登录设置
//        .usernameParameter("username")//登陆用户名参数  
//        .passwordParameter("password")//登陆密码参数  
//        .defaultSuccessUrl("/login/success")//登陆成功路径  
//        .failureUrl("/login/failure");//登陆失败路径  
        
//        允许访问的url
//        .antMatchers("/login.html","/login/failure").permitAll()
        
        
    }  
  
//    @Autowired  
//    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {  
//    	 auth.userDetailsService(userDetailsService);  
//    	//  auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");//创建一个默认的用户存储在内存中  
//    }

    /*@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {  
        auth.userDetailsService(userDetailsService).passwordEncoder(new EncryptPW());
    }  */
    
    
} 